Addressed issue #134.

anuko · Jul 6, 2023 · 26e77cc · 26e77cc
1 parent a7c5d3a
commit 26e77cc
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 4 deletions.
diff --git a/WEB-INF/lib/common.lib.php b/WEB-INF/lib/common.lib.php
@@ -126,7 +126,7 @@ function isTrue($val)
 }
 
 // ttValidString is used to check user input to validate a string.
-function ttValidString($val, $emptyValid = false)
+function ttValidString($val, $emptyValid = false, $maxChars = 0)
 {
   if (is_null($val)) {
     return $emptyValid ? true : false;
@@ -140,6 +140,10 @@ function ttValidString($val, $emptyValid = false)
   if (stristr($val, '<script>') || stristr($val, '<script '))
     return false;
 
+  // Count of UTF-8 characters in string must not exceeed $maxChars.
+  if ($maxChars > 0 && mb_strlen($val, 'UTF-8') > $maxChars) // 4 byte emojis are counted as 1 each, newlines as 2.
+    return false;
+
   return true;    
 }
 

diff --git a/initialize.php b/initialize.php
@@ -21,7 +21,7 @@
     die("mysqli_report function is not available."); // No point to continue as mysqli will not work.
 }
 
-define("APP_VERSION", "1.22.22.5813");
+define("APP_VERSION", "1.22.22.5814");
 define("APP_DIR", dirname(__FILE__));
 define("LIBRARY_DIR", APP_DIR."/WEB-INF/lib");
 define("TEMPLATE_DIR", APP_DIR."/WEB-INF/templates");
@@ -117,6 +117,9 @@
 
 define('CHARSET', 'utf-8');
 
+// Definitions of max counts of utf8mb4 characters for various varchar database fields.
+define('MAX_DESCR_CHARS', 255);
+
 date_default_timezone_set(@date_default_timezone_get());
 
 // Initialize global objects that are needed for the application.

diff --git a/task_add.php b/task_add.php
@@ -40,7 +40,7 @@
 if ($request->isPost()) {
   // Validate user input.
   if (!ttValidString($cl_name)) $err->add($i18n->get('error.field'), $i18n->get('label.thing_name'));
-  if (!ttValidString($cl_description, true)) $err->add($i18n->get('error.field'), $i18n->get('label.description'));
+  if (!ttValidString($cl_description, true, MAX_DESCR_CHARS)) $err->add($i18n->get('error.field'), $i18n->get('label.description'));
 
   if ($err->no()) {
     if (!ttTaskHelper::getTaskByName($cl_name)) {

diff --git a/task_edit.php b/task_edit.php
@@ -55,7 +55,7 @@
 if ($request->isPost()) {
   // Validate user input.
   if (!ttValidString($cl_name)) $err->add($i18n->get('error.field'), $i18n->get('label.thing_name'));
-  if (!ttValidString($cl_description, true)) $err->add($i18n->get('error.field'), $i18n->get('label.description'));
+  if (!ttValidString($cl_description, true, MAX_DESCR_CHARS)) $err->add($i18n->get('error.field'), $i18n->get('label.description'));
   if (!ttValidStatus($cl_status)) $err->add($i18n->get('error.field'), $i18n->get('label.status'));
 
   if ($err->no()) {